Least Privilege in Windows Vista
I'm a longtime subscriber. It's amazing how often this magazine reads my mind. I want to contribute my 2 cents about Michael Otey's "Top 10: The Ins and Outs of Windows Vista" (November 2005, InstantDoc ID 47841). I couldn't believe that Michael didn't mention the least privilege design feature in Vista. To me, this feature is the only compelling reason to upgrade to Vista. Too much software is being written by lazy programmers who won't follow Microsoft guidelines: Their software requires Administrator privileges just to run. I used to be a programmer, so I understand the situation to a degree, but such programming is killing systems administrators who take least privilege seriously. —Rob John
I agree that the ability to run under least privilege is one of Vista's most important features. I didn't include information about least privilege in my article because I was covering only the feature revisions in Vista. Thanks for pointing out the least privilege functionality! —Michael Otey
Crouching Server, Hidden Memory Leak
Curt Spanburgh's IT Pro Hero story, "Crouching Server, Hidden Memory Leak" (November 2005, InstantDoc ID 48029), is a great article. Many times, the small applications that companies add on to their servers are more trouble than they're worth. I make it a point periodically to completely format and rebuild from scratch any server we use for production solely to clean out the bloat. Nice troubleshooting, Curt. —Michael Pietrzak
Curt Spanburgh's excellent article contributed to my "Learn something new every day" plan. Where do I find the CD Curt mentioned," Tuning Your Windows 2000 Servers"? —W. Galanis
You can find Mark Minasi's "Tuning 2000/XP/2003" CD-ROM at http:// www.minasi.com/audio.htm. —Dianne Russell
Identity Management Headaches
I just finished Karen Forster's "Does Your Network See Dead People?" (November 2005, InstantDoc ID 47780). It's a great read. From my chair, identity management presents huge opportunities, but at the cost of expending considerable time and effort nailing down your business rules. Identity management tends to be one of those "Mother of All Solutions" deals. What happens when you have a very narrowly scoped tactical problem you're trying to solve and your enterprise isn't ready to take on the whole identity management thing?
Take my company's case as an example: All our file serving is done on NetWare. We use Novell Directory Services (NDS) to assign file permissions to our 12TB of Net-Ware volumes, and Active Directory (AD) for access to everything else. We have more than 350 Windows servers and more than 4000 users. What happened to Microsoft Directory-Synchronization Services (MSDSS) as a solution for scenarios like ours? Microsoft just informed us that it no longer offers MSDSS as a feature pack or add-on for Windows 2000. Now we'll have to implement an identity management solution to get the narrow functionality we need—but maybe that's not a bad thing. Microsoft suggested that we migrate our file servers off NetWare, but our CIO said "No way" to that (he's a big believer in heterogeneous environments). It turns out that Novell's identity management solution comes with the NetWare client access licenses (CALs) that we renew every year—and, it's Gartner's top-rated identity management solution. —Chuck Mahon
Thanks for The Business End
I want to let you know how interesting and helpful I find Ben Smith's "The Business End" columns. As a subscriber since 1998, I've grown up with the magazine. I've gone from being a network administrator to projects manager to worldwide corporate IT manager, and I've always appreciated Windows IT Pro for its in-depth technical information. Now, when I'm in a management position as well as being a technical "guru" for my organization, I find Ben's columns extremely helpful. They give me an IT management perspective as well as covering the technical bases. I always get the kinds of tools I need: the management perspective on IT concerns, management analysis of business needs, cost analysis information, and so on. I'd like to see Ben's column expand to cover even more aspects of IT management. Thanks for helping me do my job. —Sharon Leibel
